HEARTWOOD RECOVERY  PRIVACY POLICY

Effective Date: 04/1/22

Last Modified: 05/10/22

737-279-7505
heartwoodrecovery.com
info@heartwoodrecovery.com
6404 Ridge Oak Rd. Austin, TX, 78749

Your privacy is important to us. This Privacy Policy describes what Personal Data (as we describe further below) we collect about you, our legal basis for processing the Personal Data, how the Personal Data will be used and shared (if at all), how the Personal Data will be stored, and your rights in relation to the collection of your Personal Data when you visit, use, or interact with heartwoodrecovery.com.

This Privacy Policy also covers how your Personal Data is handled by our third-party data processors.

Through your use of heartwoodrecovery.com, you may find links to other websites or mobile applications, but this Privacy Policy won’t apply to any of those linked applications or websites, unless they are also our data processors, which we will describe clearly in this Privacy Policy. We are not responsible in any manner for the privacy practices of those websites or mobile applications.

We are committed to the protection of your privacy while you use heartwoodrecovery.com.

Who are we (in other words, who is collecting your Personal Data)?

We are 6404 Ridge Oak Rd. Austin, TX, 78749. We collect and process your Personal Data, as well as manage our third-party service providers that additionally process your Personal Data.

Who is our data protection officer (in other words, who oversees the handling of your personal data)?

Our data protection officer, or DPO, is Frank Schmitt. Our DPO can be reached at info@heartwoodrecovery.com.

How can you contact us?

The best way to heartwoodrecovery.com is as follows: Phone: 737-325-3556.

What Personal Data do we collect from you and why?

Through your visitation to, use of, and interaction with heartwoodrecovery.com, you will be asked for certain types of Personal Data. This section will only cover Personal Data that we receive specifically from you.

1. Personal Data collected when you register or, click “Submit” in order to “Get Your Free Confidential Consultation” on our home page. That way we can contact you about our services and be ready to address any specific matters you reference in your message, we may do this via email, text, and/or phone call. You will be required to register to use any of our services. When you do so, we ask you for the following Personal Data: email, phone number, name, what resources you have for treatment.

Why do we collect this Personal Data? We collect the Personal Data we do at registration for the sole and exclusive purpose of providing our services to you and allowing you to use heartwoodrecovery.com. By registering with us, we’ll be able to better serve you and provide a more personalized user experience for you each time that you visit us. As well for these purposes:

• to respond to your inquiries and fulfill your requests;
• to inform you about important information regarding the Site or services which may interest you or changes to terms, conditions, and policies and/or other administrative information;
• to deliver marketing communications that we believe may be of interest to you, including, ads or offers tailored to you, including ads on other websites;
• to personalize your experience on the Site;
• to verify your identity and/or location (or the identity or location of your representative or agent) in order to allow access to your services, conduct online transactions and to maintain measures aimed at preventing fraud and protecting the security of your Personal Information;
• to allow you to participate in surveys and other forms of market research;
• to send you e-mails regarding system downtime and/or changes to this Privacy Policy
• for business purposes, including data analysis, audits, developing and improving services, enhancing the Site, identifying usage trends and determining the effectiveness of web pages; and
• for risk control, for fraud detection and prevention, to comply with laws and regulations, and to comply with other legal process and law enforcement requirements.
• We may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

2. Personal Data collected when we communicate with you:As a user of heartwoodrecovery.com we may communicate with you about your account with us. These communications specifically won’t be marketing communications, but will rather be informational items such as updates to our policies or other privacy-related matters. You may also be asked questions about how to improve heartwoodrecovery.com, or you may, at some point, communicate with our representatives because of questions that you have. We consider this information Personal Data. We will receive the contents of your communications, answers to questions, and any other form of contact between you and us.

Why do we collect this Personal Data? We collect the Personal Data we do through your communication with us to assist you in using our services.

What Personal Data do we collect about you that we get from other sources and why?

3. Personal location data:We may use and store information about your location depending on the permissions you have set on your device.

Why do we collect this Personal Data? We solely and exclusively use this information to provide location-related features of our services, such as treatment options or other informational services regarding the purpose of your visit relevant to your location. You can enable or disable location services when you use our services at any time, through your mobile device settings.

4. Personal Data from cookies: We use cookies. Cookies are small files stored on your computer or mobile device which collect information about your browsing behavior (we’ll call this “Automatic Data”). These cookies do not access information which is stored on your device. For our website, Automatic Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. For our mobile application, or when you visit heartwoodrecovery.com through a mobile device, this Automatic Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser, and other statistics.

Why do we collect this Personal Data? We use cookies to help us remember information about your account. We also use cookies to save your preferences for future visits, keep track of advertisements, and to analyze traffic and usage patterns so that we can continue to improve our services.

What can I do about cookies? Most Internet browsers accept cookies automatically, although, you are able to change your browser settings to control cookies, including whether or not you accept them, and to remove them. You may also be able to set your browser to advise you if you receive a cookie, or to block or delete cookies. If you would like to set your browser to refuse cookies, check your browser’s help information or visit https://www.whatarecookies.com for further information. We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

5. Personal data that we combine or aggregate: We may combine or aggregate some of your Personal Data with non-personal data collected from you. While the non-personal data may already be completely anonymous, we may take the extra step of ensuring the data undergoes anonymization or pseudonymization.Either way, this non-personal data may be stored in the same location or used in conjunction with your Personal Data. In case the aggregation of your Personal Data and non-personal data allows us to identify you, we will handle such aggregated information as Personal Data.

 Why do we combine or aggregate data? We combine or aggregate data in order to better serve you and to better enhance and update heartwoodrecovery.com for your and other consumers’ use.

What is our legal basis for processing your Personal Data?

We respect data minimization principles, which is a fancy way of saying we only collect the minimal amount of Personal Data required for legitimate business purposes. In other words, we need the Personal Data that we do to effectively run our business, and we don’t collect more than is necessary. The Personal Data you provide to us voluntarily (like the kind of information that you gave through registration, use, and communication with us) is completely up to you. That said, we may still process automatic Personal Data, such as that received through cookies, regardless of how you interact with our website.

We also, though, want to ensure that you feel we’re always treating your voluntary Personal Data – in other words, the data that we ask you for – just that way you’d expect. Because of that, before you use or access any of our services, you’ll be directed to this Privacy Policy. You should take the time to read and review it carefully, and feel free to reach out to us with any questions. We’ll ask you to a check a box indicating that you’ve read this Privacy Policy in full and agree to the processing of your voluntary Personal Data as we’ve described here.

If you don’t understand this Privacy Policy or you’re not sure about anything we’ve described here, please reach out to us so we can help. If you’re still unsure, it’s best not to use any of our services until we can help.

Additionally, if we collect or process your Personal Data in any way not indicated by this Privacy Policy in the future, we will seek your explicit prior consent. To be clear, consent will be sought if we wish to provide you with direct marketing communications, if we transfer your data to third parties not indicated here, or if we otherwise significantly amend or change this Privacy Policy.

Will your Personal Data ever be shared and if so, how and with whom?

We use third party service providers to help us operate heartwoodrecovery.com, but we’ll never share your Personal Data other than as described here without your explicit consent. These are the third party service providers we currently use, as well as why w

We use them:

MailChimp for list management.
Salesforce for customer relationship management.
CallTrackingMetrics for call and form fill management.

Please note that the third-party service providers indicated above will access your Personal Data only on an “if needed” basis as a part of their partnerships with us. Your Personal Data will be disclosed only if such third parties agree to ensure an adequate level of protection of your Personal Data that is consistent with this Privacy Policy.

In certain cases, however, we may have to disclose your Personal Data to third parties. We limit that disclosure to the following circumstances:

1. To satisfy any local, state, or Federal laws or regulations;
2. To respond to requests, such as discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies;
3. To bring legal action against a User who has violated the law or violated the User agreements
4. In the case of any business transfer, sale, or transfer of assets of  heartwoodrecovery.com;
5. To generally cooperate with any lawful investigation about our Users; or
6. If we suspect any fraudulent activity on heartwoodrecovery.com or if we have noticed any activity which may violate our Terms & Conditions or other applicable rules.

Please note that we do not share, sell, or otherwise provide your Personal Data to any third-party advertisers.

Do we ever send you marketing communications?

We may send you marketing communications, such as newsletters and brochures, but only after we obtain your explicit consent. In other words, we’re never going to automatically add you to a mailing list or other marketing communication list – we’ll specifically ask you to opt-in to the communications you want to receive. If you do consent to receive marketing communications through your affirmative opt-in, you’ll be receiving things like newsletters, target campaigns, and offerings of new products, services or recommendations. We also may send push notifications to your mobile device if you’ve consented to do so.

Even if you do want to get marketing messages from us, you’ll be able to revoke your consent at any time. You can do so for push notifications by deactivating the notification permissions on your mobile device. You can do so for marketing communications by

1. Clicking on the “unsubscribe” link contained in each marketing email sent to you, exclusive of the initial welcome email requesting “opt-in” for such communications; or
2. Sending an email to info@heartwoodrecovery.com.

We’ll take you off our marketing list as soon as we can, and you won’t hear from us again.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

How do we store and protect your Personal Data?

Personal Data Storage: We only store your Personal Data as long as it is necessary for providing you with the requested services or until you stop using our services and request deletion of your data (more information can be found in the section below, “What are your rights in relation to your Personal Data?”). Specifically, we store your Personal Data as follows: Salesforce (CRM).

If your Personal Data is no longer necessary for the purposes for which it has been provided, we will immediately delete such Personal Data. However, please note that we may also store your Personal Data for any applicable legal record-keeping, including after the closure of your account, or for additional business purposes (e.g., maintaining our accountancy records, enforcing our Terms of Use, or otherwise maintaining the safety and security of heartwoodrecovery.com for a time period permitted by applicable law.

Personal Data Protection: We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, encryption, and anonymization.

We use secure physical and digital systems to store your Personal Data. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible, but in no event, later than two weeks time.

What are your rights in relation to your Personal Data?

By using heartwoodrecovery.com, you can exercise the following rights:

1. 1. REFUSING TO PROVIDE YOUR PERSONAL DATA: The voluntary Personal Data you provide to us is an integral part of your use of heartwoodrecovery.com. You can choose to forego the provision of that data, but you may be restricted from using some or all of our services
   2. ACCESSING, OBTAINING, MODIFYING, AND DELETING YOUR PERSONAL DATA: If you wish to access or obtain in a format convenient for you, modify, or delete any Personal Data we may have about you, you may do so by contacting us at info@heartwoodrecovery.com. We will reply to your request as soon as possible but in no event later than two (2) weeks.
   3. SUBMITTING A COMPLAINT: If you would like to submit a complaint to us about the way in which your Personal Data is handled, please contact us by using the contact details located in this Privacy Policy. After you submit such a complaint, we will contact you within three (3) business days confirming that we have received your complaint. Afterwards, we will investigate your complaint and provide you with our response within a reasonable timeframe, but in no event, later than two (2) weeks.
   4. LAUNCHING A COMPLAINT WITH A DATA PROTECTION AUTHORITY: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint submitted to us, you have the right to lodge a complaint with your local data protection authority.

How can you launch a complaint if you’re unhappy with the way in which we collect or process your Personal Data?

As noted elsewhere in this Privacy Policy, you can reach out to us anytime you are unhappy with the processing of your Personal Data. You can also undertake the following:

U.S. Residents: If you’re located in the United States, the collection of your Personal Data, as well as our commitment to the EU-U.S. and Swiss-U.S. Privacy Shield, is subject to investigation and enforcement by the Federal Trade Commission (“FTC”). In compliance with the Privacy Shield Principles, we’re committed to resolving any complaints about the handling of your Personal Data as quickly and efficiently as we can, but if you’re not happy, you can lodge a complaint with the FTC. 

California Privacy Rights: California Civil Code Section § 1798.83 permits Users of heartwoodrecovery.com that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to jeremy@jeremyarmstrong.cc.

E.U. Residents: If you are a resident of the European Union and you are not satisfied with the outcome of your complaint as you submitted it to us, you have the right to lodge a complaint with your local data protection authority. As part of our commitment to the Privacy Shield Principles, we’ve also committed to resolving complaints through an independent recourse mechanism, specifically the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. To a lodge a complaint there, you can visit https://www.bbb.org/EU-privacy-shield/.

You may also be able to invoke binding arbitration before a Privacy Shield Panel created by the U.S. Department of Commerce and European Commission, under certain conditions as detailed in the Privacy Shield.
What happens if we modify or revise this Privacy Policy?

We do reserve the right to modify, revise, or otherwise amend this Privacy Policy at any time and in any manner, but if we make any significant changes or otherwise change the way that we process your Personal Data, we’ll let you know and seek your consent. We’ll also change the date this Privacy Policy was last modified at the top of this document. We will also post a prominent notification on heartwoodrecovery.com alerting you to changes in, and relating to, the Privacy Policy.

Unless we specifically obtain your consent, any changes to the Privacy Policy will only impact the Personal Data collected on or after the date of the change.

What about the international transfer of Personal Data?

We are based in the United States, specifically Laguna Niguel, California. In other words, your Personal Data may be transferred from the location in which you reside to our physical location in the United States. It may also be transferred to third parties, as described above, located in the United States. The risks of transferring data outside of your jurisdiction to the United States include the possibility of data breaches and loss. Before using our services, we ask you to specifically consent to the transference of your personal data to the United States. We will continue to process your Personal Data in the manner described herein, and if we change anything about how we handle your Personal Data, including the international transfer of your Personal Data, we will seek your explicit consent again.

Do we collect any Personal Data from minors?

We do not allow the use of heartwoodrecovery.com or any of our services by users under the age of 18 (eighteen), even users located in the E.U. As such, we don’t collect, store, or otherwise use any Personal Data from any minors. If you are a parent or guardian, and you learn that your children have provided us with Personal Data, please contact us at info@heartwoodrecovery.com. If we become aware that we have collected Personal Data from children without verification of parental consent, we will immediately take steps to remove that information from our servers.

Are we certified to the EU-US Privacy Shield?

We comply with the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from EU Citizens, as described throughout this Privacy Policy. We have certified our commitment to the Privacy Shield Principles, as discussed below, to the U.S. Department of Commerce. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. More information about the Privacy Shield can be found at www.privacyshield.gov. Our Privacy Shield certification can be found at www.privacyshield.gov/list.

As described throughout this Privacy Policy, we adhere to the Privacy Shield Principles as follows:

1. Notice: This Privacy Policy provides clear, concise, and transparent notice to our users regarding all of our data practices, including how we collect, use, process, and store Personal Data. This Privacy Policy also clearly describes how we disclose Personal Data to third parties, the purposes for which we do so, and your rights in relation to your Personal Data. As described further below, users are given choices and information about limiting the use and disclosure of their Personal Data and information about how we can be contacted for any inquiries.
2. Choice: If the Personal Data we collect, covered by this Privacy Policy, is to be used for any purpose materially different from the purpose described here or disclosed to a third party not acting as our agent, in a manner other than as disclosed here, we’ll always give you an opportunity to opt-out of this materially different use or disclosure. You can email us at info@heartwoodrecovery.com.
3. Accountability for Onward Transfer: If we transfer any of your Personal Data to a third party acting as a controller of your information (in other words, a third party that is making decisions about the purposes for your Personal Data and the means by which they are processed) outside what we’ve disclosed in this Privacy Policy, we’ll only do so after we get your explicit consent. We’ll also make sure that the third party controller only processes your Personal Data for limited and specific purposes as outlined in the explicit consent given and that they’ll provide the same level of protection as consistent with the Privacy Shield Principles. If they can’t do this, we’ll ask them to notify us, and then we’ll ensure they stop processing your Personal Data. For agents, we’ll make sure that they’ll only process Personal Data for limited and specific purposes and that they provide the same level of privacy protection as consistent with the Privacy Shield Principles. Just like third party controllers, if our agents can’t do this, we’ll ask them to notify us so that we can take steps to stop the processing of your Personal Data. Regardless, however, we remain liable if one of our agents processes your Personal Data in a way that’s not consistent with the Privacy Shield Principles (unless we can clearly prove that we’re not responsible for that particular event or circumstance).
4. Security: As we note in our section, “How do we store and protect your Personal Data?,” we take reasonable and appropriate measures to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data on the Internet.
5. Data Integrity and Purpose Limitation: As we note in our section, “What is our legal basis for processing your Personal Data?”, we limit the collection of Personal Data to information relevant for the purposes of processing. We don’t process such Personal Data in a way that is incompatible with the purposes for which it has been collected or authorized by you. We take reasonable steps to ensure your Personal Data is reliable for its intended use, as well as accurate, complete, and current. We take reasonable and appropriate measures to comply with the Privacy Shield requirement to retain your Personal Data in an identifiable form only for as long as it serves the purpose of processing as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law or by the Privacy Shield Principles. We will adhere to the Privacy Shield Principles for as long as we retain the Personal Data collected under the Privacy Shield.
6. Access: As described in our section, “What are your rights in relation to your Personal Data?,” you have the right to access your Personal Data and to correct, amend, or delete it if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to your privacy, or where the rights of other people would be violated). To exercise any of these rights, you can email us at info@heartwoodrecovery.com.

Recourse, Enforcement, and Liability: As noted above, our participation in the EU-U.S. and Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. Our above section, “How can you launch a complaint if you’re unhappy with the way in which we collect or process your Personal Data?,” gives you all of the information you need to know about the recourse mechanisms you have about the way we process your Personal Data.

Because the Privacy Shield Principles are very important to us, and we want to remain certified, we periodically review and verify our compliance with the Privacy Shield Principles. In case any issues arise with our compliance, we’re committed to correcting them as soon as we can.

Privacy Practices Regarding Your Protected Health Information (HIPAA)

At Heartwood Recovery, we are committed to protecting your personal health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA). This notice describes how we may use and disclose your protected health information (PHI), your rights regarding that information, and our legal obligations to safeguard it.

1. How We May Use and Disclose Your Health Information

We may use and disclose your PHI for the following purposes, as permitted or required by law:

• Treatment: To provide, coordinate, or manage your care. For example, we may share information with your physician, therapist, or hospital if you become ill or require emergency care.
• Payment: To bill and collect payment from you, your insurance company, or a third party.
• Healthcare Operations: To assess the quality of our care and services, train staff, or conduct audits.
• When Required by Law: Such as in response to a court order, subpoena, or investigation.
• To Prevent Harm: If we believe you are a danger to yourself or others, we may disclose necessary information to appropriate authorities or individuals to prevent harm.
• Public Health and Safety: For example, reporting communicable diseases or complying with mandatory reporting for abuse or neglect.

2. Your Rights Regarding Your Health Information

You have the following rights regarding the health information we maintain about you:

• Right to Access: You may request a copy of your medical records or other health information we have about you.
• Right to Amend: If you believe the information we have is incorrect or incomplete, you may request an amendment.
• Right to Request Restrictions: You can ask us not to use or share certain information for treatment, payment, or operations. We are not required to agree to these requests, but will do our best to accommodate them.
• Right to Request Confidential Communications: You may request that we communicate with you in a specific way (e.g., via a different address or phone number).
• Right to an Accounting of Disclosures: You may request a list of times we shared your PHI, who we shared it with, and why.
• Right to a Paper or Electronic Copy of This Notice: You can ask for a copy of this notice at any time, even if you have agreed to receive it electronically.
• Right to File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.

3. Our Legal Duties

We are required by law to:

• Maintain the privacy and security of your protected health information.
• Provide you with this notice of our legal duties and privacy practices.
• Notify you promptly if a breach occurs that may have compromised the privacy or security of your information.
• Abide by the terms of this notice currently in effect.

4. Contact Information

If you have any questions about this notice, your rights, or how your information may be used, or if you wish to file a complaint, please contact:

Privacy Officer
Heartwood Recovery

Phone: 737-279-7505
Email: franks@heartwoodrecovery.com